# Which Problems Are Solved
Resource owner can be different than expected if the provided
x-zitadel-orgid header is provided.
# How the Problems Are Solved
Check that the project is only checked with the correct resource owner
to avoid unexpected situations.
# Additional Changes
None
# Additional Context
Closes#8685
---------
Co-authored-by: Livio Spring <livio.a@gmail.com>
# Which Problems Are Solved
Imporve the performance of user grant addition, especially for import.
# How the Problems Are Solved
Use the search table to query for the project grant state.
This could easily be done by making the search used in
`checkProjectGrantPreCondition` reusable.
# Additional Changes
Chanded event declerations to `const` in the
`internal/repository/project` package.
# Additional Context
- Performance improvements for import are evaluated and acted upon
internally at the moment
---------
Co-authored-by: adlerhurst <silvan.reusser@gmail.com>
Co-authored-by: Livio Spring <livio.a@gmail.com>
# Which Problems Are Solved
To improve performance a new table and method is implemented on
eventstore. The goal of this table is to index searchable fields on
command side to use it on command and query side.
The table allows to store one primitive value (numeric, text) per row.
The eventstore framework is extended by the `Search`-method which allows
to search for objects.
The `Command`-interface is extended by the `SearchOperations()`-method
which does manipulate the the `search`-table.
# How the Problems Are Solved
This PR adds the capability of improving performance for command and
query side by using the `Search`-method of the eventstore instead of
using one of the `Filter`-methods.
# Open Tasks
- [x] Add feature flag
- [x] Unit tests
- [ ] ~~Benchmarks if needed~~
- [x] Ensure no behavior change
- [x] Add setup step to fill table with current data
- [x] Add projection which ensures data added between setup and start of
the new version are also added to the table
# Additional Changes
The `Search`-method is currently used by `ProjectGrant`-command side.
# Additional Context
- Closes https://github.com/zitadel/zitadel/issues/8094
# Which Problems Are Solved
Improve the performance of the `admin/v1/import` API endpoint.
Specifaclly the import of large amount of project grants.
# How the Problems Are Solved
`AddProjectGrantWithID` and `AddProjectGrantMember` methods of
`Commands` used to get the current state of the Writemodel to check if
the current GrantID or the combination of GrantID & UserID wasn't
already used. However, the Added events already have protection against
duplication by the `UniqueConstaint` methods.
The queries become very slow when there is a great amount of project
grants. Because all the events are pushed to the aggregate ID of the
project, we had to obtain all related project events, including events
of grantIDs we do not care about. This O(n) duration for bached import
jobs adding many organization granted to a single project.
This change removes the unnecesary state query to improve performance.
# Additional Changes
- Add integration tests for import
# Additional Context
- reported internally
# Which Problems Are Solved
This fix adds tracing spans to all V1 API import related functions. This
is to troubleshoot import related performance issues reported to us.
# How the Problems Are Solved
Add a tracing span to `api/grpc/admin/import.go` and all related
functions that are called in the `command` package.
# Additional Changes
- none
# Additional Context
- Reported by internal communication
* feat(command): remove org
* refactor: imports, unused code, error handling
* reduce org removed in action
* add org deletion to projections
* add org removal to projections
* add org removal to projections
* org removed projection
* lint import
* projections
* fix: table names in tests
* fix: table names in tests
* logging
* add org state
* fix(domain): add Owner removed to object details
* feat(ListQuery): add with owner removed
* fix(org-delete): add bool to functions to select with owner removed
* fix(org-delete): add bools to user grants with events to determine if dependencies lost owner
* fix(org-delete): add unit tests for owner removed and org removed events
* fix(org-delete): add handling of org remove for grants and members
* fix(org-delete): correction of unit tests for owner removed
* fix(org-delete): update projections, unit tests and get functions
* fix(org-delete): add change date to authnkeys and owner removed to org metadata
* fix(org-delete): include owner removed for login names
* fix(org-delete): some column fixes in projections and build for queries with owner removed
* indexes
* fix(org-delete): include review changes
* fix(org-delete): change user projection name after merge
* fix(org-delete): include review changes for project grant where no project owner is necessary
* fix(org-delete): include auth and adminapi tables with owner removed information
* fix(org-delete): cleanup username and orgdomain uniqueconstraints when org is removed
* fix(org-delete): add permissions for org.remove
* remove unnecessary unique constraints
* fix column order in primary keys
* fix(org-delete): include review changes
* fix(org-delete): add owner removed indexes and chang setup step to create tables
* fix(org-delete): move PK order of instance_id and change added user_grant from review
* fix(org-delete): no params for prepareUserQuery
* change to step 6
* merge main
* fix(org-delete): OldUserName rename to private
* fix linting
* cleanup
* fix: remove org test
* create prerelease
* chore: delete org-delete as prerelease
Co-authored-by: Stefan Benz <stefan@caos.ch>
Co-authored-by: Livio Spring <livio.a@gmail.com>
Co-authored-by: Fabi <38692350+hifabienne@users.noreply.github.com>
Co-authored-by: Stefan Benz <46600784+stebenz@users.noreply.github.com>
* feat(import): add functionality to import data into an instance
* feat(import): move import to admin api and additional checks for nil pointer
* fix(export): export implementation with filtered members and grants
* fix: export and import implementation
* fix: add possibility to export hashed passwords with the user
* fix(import): import with structure of v1 and v2
* docs: add v1 proto
* fix(import): check im imported user is already existing
* fix(import): add otp import function
* fix(import): add external idps, domains, custom text and messages
* fix(import): correct usage of default values from login policy
* fix(export): fix renaming of add project function
* fix(import): move checks for unit tests
* expect filter
* fix(import): move checks for unit tests
* fix(import): move checks for unit tests
* fix(import): produce prerelease from branch
* fix(import): correctly use provided user id for machine user imports
* fix(import): corrected otp import and added guide for export and import
* fix: import verified and primary domains
* fix(import): add reading from gcs, s3 and localfile with tracing
* fix(import): gcs and s3, file size correction and error logging
* Delete docker-compose.yml
* fix(import): progress logging and count of resources
* fix(import): progress logging and count of resources
* log subscription
* fix(import): incorporate review
* fix(import): incorporate review
* docs: add suggestion for import
Co-authored-by: Fabi <38692350+hifabienne@users.noreply.github.com>
* fix(import): add verification otp event and handling of deleted but existing users
Co-authored-by: Livio Amstutz <livio.a@gmail.com>
Co-authored-by: Fabienne <fabienne.gerschwiler@gmail.com>
Co-authored-by: Silvan <silvan.reusser@gmail.com>
Co-authored-by: Fabi <38692350+hifabienne@users.noreply.github.com>
* fix: org tests
* fix: org tests
* fix: user grant test
* fix: user grant test
* fix: project and project role test
* fix: project grant test
* fix: project grant test
* fix: project member, grant member, app changed tests
* fix: application tests
* fix: application tests
* fix: add oidc app test
* fix: add oidc app test
* fix: add api keys test
* fix: iam policies
* fix: iam and org member tests
* fix: clock skew validation
* revert crypto changes
* fix: tests
* fix project grant member commands
Co-authored-by: Livio Amstutz <livio.a@gmail.com>
* fix: adaot config to commands (and queries)
* remove dependency on vv2 in v1
* add queries user to operator
* set password for queries on tests
* set password for queries on tests
* fix config
